Posted
by
Soulskill
on Friday June 01, 2012 @12:18PM
from the stop-or-i'll-say-stop-again dept.

An anonymous reader writes "As Microsoft released the preview of the next version of its Internet Explorer browser, news that in Windows 8 the browser will be sending a 'Do Not Track' signal to Web sites by default must have shaken online advertising giants. 'Consumers can change this default setting if they choose,' Microsoft noted, but added that this decision reflects their commitment to providing Windows customers an experience that is 'private by default' in an era when so much user data is collected online.' This step will make Internet Explorer 10 the first web browser with DNT on by default. And while the websites are not required to comply with the users' do-not-track request, the DNT initiative — started by the U.S. Federal Trade Commission — is making good progress."

It's nice on the one hand that Microsoft is making the privacy option the default, but if DNT is unenforceable, wouldn't "DNT by default" give certain entities an excuse to ignore the DNT flag by default?

Sounds to me like this will end up like the internet version of the "Do Not Call" list.

Ask my family on how that one worked out.

It seems to be working pretty well to me. I still get some unsolicited calls, but probably about 10% of what I got before NDNC. Most of the remaining calls are from charities and political polling organizations which are exempted from NDNC.

The federal DNC list has quite a few exceptions that my local state DNC list did not have, such as charities and political groups. (Go figure Congress would exempt themselves, eh?) Since our state has dropped their DNC program in favor of the federal list, I'm getting a lot of calls again. Plus the feds are pretty lax about enforcing complaints. Our state AG dept was actually pretty good about it and would fine organizations if they got complaints.

Most people complaining about DNC violations are talking about exemptions, like charities, companies you do business with or did in the last 6 months, offers from those companies' partners, etc. Legitimate businesses are pretty good about DNC - heck, a lot of them will even scrub their own internal lists against the DNC, even though they're allowed to solicit to you as a customer. There are plenty of actual violations, definitely, but getting unsolicited cold-calls is the exception.

It's nice on the one hand that Microsoft is making the privacy option the default, but if DNT is unenforceable, wouldn't "DNT by default" give certain entities an excuse to ignore the DNT flag by default?

Expect browser add-ons to work around this. Their EULAs will mention this so there may be no DNT enforceability issue, the user clicked yes. Google, Facebook, etc will surely have various add-ons that will "enhance" the IE10 experience.

Yeah, both the FTC guidelines [ftc.gov] and the current W3C DNT draft [w3.org] both state that users should opt-out of tracking, not opt-in. Furthermore, the advertizing industry groups like that have had the most successful with self-regulation efforts [aboutads.info] have flat-out said that while they will respect the user's chose to opt-out, they will ignore any system that opts users out automatically.

Microsoft's decision here is completely counter productive. At best, it means that sites will add code to ignore theDNT header if the UA is IE. At worst it will derail the entire process.

You are completely missing the point. Compliance with the DNT is voluntary. That is a fact, not my opinion of how things should be. It is a polite request not to be tracked, no more no less. Several large advertizing industry groups have agreed to respect this request, and things have been progressing nicely along those lines. MS actions are basically a big "fuck you" to groups who have previously been cooperative.

Taking an antagonistic approach to solving a problem only works you have something to back your actions up. If there were laws or regulations requiring advertisers to follow the DNT, then MS actions would be productive. If MS were instead to implement technical means of blocking tracking, their actions would be productive.

But implementing a solution that requires the cooperation of others to have any affect whatsoever, and then being a complete asshole to those people is beyond pointless.

Even if not legal, the companies (atleast the big ones) that don't respect DNT can be publicly shamed and browser extensions etc. can be made which block those ad networks which don't respect it, and people can install those to put pressure on those companies(which would be able to show generic ads even with DNT on).

The status quo won't be affected in the least bit by making DNT opt-in for users.

Nothing is going to change anyways. This is all just mental masturbation.

Advertising is a wholly deplorable affair in which all active participants (excluding the victims) will be "sent to the special hell where they will be skinned alive and set simple".

Look at how hard Big Entertainment is fighting the "attacks" on their advertising platform through purchased legislation, intimidation, harassment, collusion, and outright terrorism.SonicBlue was sued out of existence for having the audacity to allow adver

I actually applaud MS (a very rare one for me). The voluntary system is what's fundamentally broken. They're just making it obvious. That will drive us toward a system that actually has legal teeth, which is what we really need.

You are completely missing the point. Compliance with the DNT is voluntary.

Sure, but so is cooperating with it on the browser side. Just as an advertiser can decide whether to ignore the flag, a browser distributor can decide whether to ignore the advertiser directive to make it off by default.

Taking an antagonistic approach to solving a problem only works you have something to back your actions up.

We do, and it is called AdBlock. I can't understand why distros don't just bundle it by default...

yes, ignored by Microsoft first and foremost, because as a general rule, when you have their operating system installed they are tracking you. It would be better if they automatically had DO NOT FUCK MY COMPUTER BECAUSE I ACCIDENTALLY OPENED THIS BROWSER turned on by default, that would be awesome...

My thoughts exactly. Voluntary standards like the DNT works when you know a minority of you users will turn it on. Kinda like Ad-block. The reason why there isn't an all out war on Ad-Block is because only a small percentage of people use it, so it is better to allow ad-block and not piss off a minority, who can be vocal and make a big deal out of it, causing a drop beyond just he ad-block users. However if the majority is using Ad-Block then you have sucked the companies revenue and you can just write o

...if DNT is unenforceable, wouldn't "DNT by default" give certain entities an excuse to ignore the DNT flag by default?

Yes, but a certain competitor has a tendency to take the high road in these matters (or at least appear to do so). If Google honors DNT, then they lose out on data that their core business depends on. If they don't honor DNT, then +1 propaganda point for Microsoft.

Hardware/Windows version info: kindof needed to do the jobvarious stats info: shady needed for WGA checkingSoftware info: again needed for updating said software (the MS stuff and anything else that hooks WU

you do know that there are OFFLINE patch tools availible like WSUSOFFLINE right??

I've come to like complexity in villainous characters. I know, I know, it's all the rage now; I'm just saying this is a bandwagon I jumped on. They can't all be Saurons, give me a Jaime Lannister now and then.

Concur; good on Microsoft. Now all they have to do is start a "Privacy-Protected"-certified webring/list where any website where DNT is enforced will be listed and add a user-controllable filter to IE and/or Bing searches for that feature/condition.

Google makes it money from tracking users and selling customized ads. Google would look bad if they didn't honor DNT. Microsoft is setting the standard that DNT should be on by default, which reduces the ability for Google to track you all over the web. MS is not an ad company, so they really won't feel this as much.

Google makes it money from tracking users and selling customized ads. Google would look bad if they didn't honor DNT. Microsoft is setting the standard that DNT should be on by default, which reduces the ability for Google to track you all over the web. MS is not an ad company, so they really won't feel this as much.

Google will probably offer a handy little add-on that will "enhance" your IE10 experience. It will probably disable DNT or work around it in some manner, the EULA will mention this, the user will click yes I agree.

no need to disable the dnt. by installing or agreeing to using any google service you'll give them permission to track you. they'll need to start giving the cookie notice anyways, they'll wrap a nice long eula to it and be done with it.

no need to disable the dnt. by installing or agreeing to using any google service you'll give them permission to track you. they'll need to start giving the cookie notice anyways, they'll wrap a nice long eula to it and be done with it.

I wonder what is in Android's EULA, if Google has some tracking authorization in there?

Yes, this is an attack on Google, and has little to do with being "pro-consumer". In fact, I would consider it "anti-consumer", since non-paranoid people benefit from tracking, because it means the ads they are going to see anyway are tailored to their actual interests. I have no interest in turning off tracking, and want ad agencies to have as much information about me and my interests as I can give them.

Just in case Google is parsing this post: I will be buying a new mini-van later this summer.

Yes, this is an attack on Google, and has little to do with being "pro-consumer".

I keep seeing this presented as an attack on Google, but it seems to me that it would help Google more than it would hurt it. Consider this: If you're logged into a Google service they can (and will) still track you. With Google's new privacy policy it doesn't matter which service you're logged in to. So if you use Google Docs, Gmail, YouTube, etc. and don't log out every time you do a Google search you'll be getting tracked re

Yes, exactly! Everybody wants everything for free! Without any downside! Let's do that!

It's just not realistic. If you don't want ads but you want your websites, you have to propose an alternate revenue stream for them. Most people, when given the option, choose ads over subscription; I know I do. And I know the ads I hate the most are the ones that spam me with products I hate. Relevant, targeted advertising is a vastly superior experience (until it creeps people out, that is).

Microsoft has Bing, which supposedly uses user histories to judge what kind of results they want. They already have the reputation for being evil, though, so nobody really expects them to honor DNT. They can gather all the data they want, and laugh for a while until Google launches its next product to embarrassingly point out Microsoft's lack of innovation.

Google makes it money from tracking users and selling customized ads. Google would look bad if they didn't honor DNT. Microsoft is setting the standard that DNT should be on by default, which reduces the ability for Google to track you all over the web. MS is not an ad company, so they really won't feel this as much.

Well, they are (they do sell ads, including customized ones, and do collect and track user data), they just aren't as successful at it as Google is. They also don't currently honor DNT. So what

Microsoft is making a bold (translate: risky) move with the huge changes in Windows 8, and they will need all the consumer sympathy they can muster. I classify the decision to include Flash support for select sites (e.g. disney.com) is in the same category with this default DNT policy. When October comes around, get out the popcorn.

Actually that is expected, because the desktop IE on Windows 8 can run all the same plugins as previous IE versions can. Metro IE can't run (or even install) any plugins, because it is all about sandboxing apps and conserving battery life, just like an iPad, except that they threw this embedded Flash engine in there for the whitelist sites.

Sorry, but Windows has phoned home for at least 10 years, and sent data without user knowledge to 3rd party companies that could be traced to MS. IE may claim to have DNT on by default, but let's be clear. You will still be sending all kinds of tracking information to MS.

Seems to me to be a ploy to make money selling data to Google perhaps that Google gets now on their own.

Except as described in this statement, personal information you provide will not be transferred to third parties without your consent.

Skip that part?

Regardless, the GP asked for a citation of it happening, not whether or not the EULA allowed it. AFAIK, the only things that "phone home" are voluntary error reporting and WGA validation - and I remember something about the latter having been removed.

I'm sorry you fail at Google. No, I'm not going to Google that for you. If you don't trust information from the Google, then put a network sniffer on your home network, load a brand new PC with Windows and make it the only device outside of the sniffer on your network. Watch, and be amazed.

Ahh, hand waving.

I set up Fiddler2 which can even decode HTTPS locally and didn't find anything interesting going over the wire.

So if you have, please share and amaze me and us.

Or provide at least ONE reference that you think is credible, because all I see is BS when I search.

>It tells you explicitely that MS will give your info to a third party for so-called "statistical" purpose

Maybe you should read the thread and notice that I wasn't talking about packet sniffing proving that MS sends info.

Also, how does Microsoft get your personal info that it sends to an alleged unnamed mysterious 3rd parties? By carrier pigeon bypassing your internet? Do you mail them USB keys of your information? Geez, even the Apollo moon landing and 911 conspiracy theories make more sense than this B

- Contains software pre-installed by the Vendor. Expect the usual Symantec/Norton pre-installed crap to be phoning home every five minutes
- Likewise, except it to phone home to HP, Dell, or whatever, to download the latest ads... uh, I mean, "alerts". Yeah, yeah.
- Will phone home to Microsoft periodically to check for updates

Ubuntu actually does that last one too. Hell, for all I know, it does the first too, but I've never checked. Actually, no, wa

Sorry, but Windows has phoned home for at least 10 years, and sent data without user knowledge to 3rd party companies that could be traced to MS. IE may claim to have DNT on by default, but let's be clear. You will still be sending all kinds of tracking information to MS.

Seems to me to be a ploy to make money selling data to Google perhaps that Google gets now on their own.

This post is a perfect example of horseshit that regularly goes for +5 informative on Slashdot. Websites like Google track you and follow you around the web with ads and customizes the ads to your browsing history. MS? Does it really even know that you visited some site with Google ads on them(most of the websites around)?

Will the next version of Windows be the first in decades to not collect personally identifiable information from every user, by way of activation and other control schemes?

It might make the marketeers feel all good inside to spout platitudes like "private by default' in an era when so much user data is collected online," but let MS apply the same sacrosanct wisdom to its own practise.

huh? they're pushing you to use your live account just to log in to your own computer and to user programs provided through their store framework. if anything it's opposite of that. sure it's private by default - but not to ms!

clearly, DNT defaulting to on is a shot at google's advertising and analytical products.. but DNT as a whole is just a noble endeavor that simply will not work.. just like you can't stop spammers, slamming and cramming on your phone bill, phishing, and other scams/crooks.

How can we ever be sure that the server is actually honoring the Do Not Track request? Even if it was mandated by the law, I believe it's hard to monitor what's happening behind the scenes of some website.

This is a potential disaster in my eyes. We're talking about destroying the commercial web here. Advertising, for all its foibles, underpins vast amounts of free content and services. Data largely drives that value these days, by making ad distribution more efficient. The vast majority of the data underpinning this is anonymous - no names, no email addresses, no phone numbers - just general preferences inferred from the types of sites people visit.
DNT is not defined yet, but I suggest that a lot of your f

This is a potential disaster in my eyes. We're talking about destroying the commercial web here.

Actually, we're talking about destroying DNT. The whole point of DNT is that its opt-in for users. Honoring the DNT flag is voluntary, and no one is going to honor it if major browser vendors reverse the design to make it opt-out.

Advertisers move money to what's effective. If online advertising becomes less effective, they remove money from the ecosystem.

Your search example demonstrates a lack of industry knowledge. That's not the case that DNT impacts. Rather, it's knowing the user visited Nike.com in the last 30 days but didn't buy anything, so maybe you should show them a Nike ad if you get a chance. It's called retargeting or remarketing and it works a lot better than just spamming ads at everybody. It's also typically divo

I don't think Lynx sends the Do Not Track header when it requests a web page.

It's not really the tracking information being stored locally that's the problem, it's the server-side stuff across ad networks linked by IPs, user accounts, browsers, and anything else that can be used to identify a user.

Industry solutions (like DNT) are voluntary, unenforceable, empty gestures. DNT has almost no meaning, simply expressing the desire that things were different somehow, without defining how they should be different. DNT is less then an EULA -- it doesn't even ask for an "I Agree" response from the server. Will IIS implement a DNT response? Chrome 12 stopped downloading files without a content length header, so why aren't we reading about browsers demanding a valid DNT response?

I agree to a point. It's not that the gesture is empty, but it's impossible to implement correctly because it's unintelligible, vague, and opens web hosts up to possible privacy suits because "Do Not Track" is so ill defined.

Ignoring all the costly updates to many custom websites back-ends that I've developed for others, including non-profit groups: What does this mean for my own sites? I have a few personal websites, and one for an indie game that a few other folks and I are working on in our spare t

"Microsoft does not yet respond to the DNT signal, but we are actively working with other advertising industry leaders on what an implementation plan for DNT might look like, with a goal of announcing more details about our plans in the coming months."

I disabled 3rd-party cookies in FF and everything was fine for years till my bank changed their online banking. For the longest time I couldn't get it to work then one day I enabled 3rd-party cookies and BAM it worked. Yeah it just seems wrong when an online banking site requires you to also connect to a 3rd-party domain for some unknown reason. The 3rd-party domain is "billdomain.com"

Actually, IE9 is faster than Chrome in some respects (like canvas animations, to name one). Dramatically faster in some. In others it's slower (and in a few, dramatically slower). I use both it and Chrome every day. In general use, there's not a huge difference.

Not for tracking, no. But if I end up taking legal action because a Web site collected data about me and it ended up harming me (eg. it got stolen and used to impersonate me, causing me to have to clean up the financial mess that resulted), I have something I can bring up in court: "There is a standard way of indicating to the site that I do not consent to having data about me collected. I used that standard method to tell the site I did not consent. The site knew about this standard. The site knew or shoul

But if I end up taking legal action because a Web site collected data about me and it ended up harming me (eg. it got stolen and used to impersonate me, causing me to have to clean up the financial mess that resulted), I have something I can bring up in court: "There is a standard way of indicating to the site that I do not consent to having data about me collected.

Yep, and since I must track your IP address and port number to maintain any TCP/IP connections, I'm now risking legal action if I do anything other than just drop the fucking connection.

It's like "No Trespassing" signs on a fence: the sign doesn't stop anyone from hopping over the fence, they can't claim later that they didn't know they weren't allowed on the property.

No, it's like entrapment. Here's a website I'm giving a bunch of data to, and I'm telling them not to do anything with it, but expecting a service from them based on this data they're not supposed to do anything with. That's the most moronic, ill conceived, and contradictory thing I've ever read... and I've read the Bi

Yep, and since I must track your IP address and port number to maintain any TCP/IP connections, I'm now risking legal action if I do anything other than just drop the fucking connection.

Nope. You need to know the IP address and port while the connection's maintained, but you don't need to collect and store that information. You can let the OS forget about it the moment the connection's closed. And since you didn't collect or store it, it isn't there to be abused.